If you’re like me, you do quite of a bit online activities that utilize secure websites. Shopping on online stores, banking, and investing all require a secure connection between your browser and the website you are sending your private information to.
But how often do you notice whether the little padlock in the upper right hand corner of your browser is actually there? This article serves as a reminder to always, always, always check.
I went to a website recently that asked me some personal information, namely, my social security number. This request surprised me, especially given the nature of what I was trying to accomplish. So I looked at the website, and here’s a screenshot of what I saw (note, I’ve tried to hide the identity of the actual website, that’s why some parts are blurry):
Notice the nice “Welcome to our secure online loan application” and the Verisign secure seal? But look again. There’s no padlock icon in the upper right hand corner of the browser. And the website is not secure at all, because the URL is “http” and not “https”. If it’s not “https”, it’s NOT secure.
Needless to say, I wasn’t going to put in my social security number.
But I did some investigation, because I’m curious and quality minded. I thought, well, maybe the web designer just forgot to put the “s” in the URL. So I typed it in. Here’s what I got:
This is a warning from my browser telling me that the SSL certificate belongs to “secure1.valueweb.com” and that it doesn’t match the website that I’m on. Not looking good.
I try another tactic. I click on the Verisign seal. Here’s what I get:
When you click on these security seals, you are checking back with the company that issued the seal to see if indeed it matches the website that you’re on. In this case, I was on a mortgage site in Washington, and the seal belonged to a software company in California.
I clicked on the “Report Seal Misuse”, emailed the webmaster, and emailed the mortgage company. While I never heard back from Verisign or the webmaster, the mortgage company did contact me. Hopefully they’ll get it fixed soon.
So there’s a big lesson here. If you hire someone to build a website and you need a SSL installed, verify for yourself that it’s working. If it’s done correctly you should see a little padlock in the upper right hand corner of your browser. The URL should be “https”. You should get no browser warnings. And if you click on the SSL seal, it should match the website perfectly.
Without these things, consumer confidence will disappear, like mine did, and your customers will leave, just like I did.
Be careful out there!Jill
Aldebaran Web Design, Seattle
Jill Olkoski has a BS in Engineering, a BS in Computer Science and an MA in Clinical Psychology. She delights in using her advanced technical and psychological skills to help small business owners develop cost-effective and successful websites.